A scammer was caught using an AI face mask to hide his true identity.
He works for a fake company called "Global Metrix", which offers recovery services for stolen crypto.
Me meeting up with my insiders for status updates on recent supply chain attacks.
‼️ MAJOR SUPPLY CHAIN ATTACK: npm package axios is compromised after the maintainer's npm account was hijacked.
Malicious versions contain a Remote Access Trojan. axios has 100M+ weekly downloads; it's in practically everything.
If you have installed [email protected] or [email protected], assume compromise.
Axios' lead maintainer jasonsaayman's npm account was compromised; email was swapped to an anonymous Proton Mail address.
Both malicious versions were pushed manually via npm CLI, bypassing GitHub Actions OIDC entirely, without commits.
StepSecurity report: https://stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
Socket report: https://socket.dev/blog/axios-npm-package-compromised
‼️ BREAKING: Claude Code's source code has been leaked via a map file exposed in Anthropic's npm registry.
The leaked code appears to reveal new and previously undisclosed features.
Source code backups:
1) https://github.com/chatgptprojects/claude-code
2) https://pub-aea8527898604c1bbb12468b1581d95e.r2.dev/src.zip
‼️ Meet the guy almost everyone loves for alerting the axios devs about the supply chain attack.
He built a supply chain monitoring system last week, and was alerted within minutes of the axios compromise.
The world should be thanking Elastic Security's finest:
Joe
X:dez_
Joe is our saviour. Respect Joe.